IAM Flashcards
What does a user represent?
What is a group?
What can groups contain?
What is the relationship between users and groups?
How do you assign permissions to users or groups?
One user within your organization
A group of users
Groups can only contain users, not other groups
Users can belong to 0, 1 or many groups
Permissions are assigned to users or groups via a policy. A policy is a JSON document describing the permissions
Describe the structure of an IAM Policy?
What does a principal apply to?
Version, ID, Statements
Statement:
Sid, Effect, Principal, Action, Resource, Condition
Users, groups or roles
What is an IAM Role?
What are some common roles?
Some AWS services will need to perform actions on your behalf. To do so, we will assign permissions to AWS services with IAM Roles
EC2 Instance roles, Lambda Function Roles, Roles for CloudFormation
What is IAM Credentials Report?
What is IAM Access Advisor?
An account-level report that lists all your account's users and the status of their various credentials. You can see info on whether a password is enabled, when it needs to be rotated, whether they have generated keys, etc.
Access Advisor shows the service permissions granted to a user and when those services were last accessed
What are the tools you can use to generate IAM policies?
How can you test your access on some service?
How can you resolve metadata about your EC2 instance?
Visual Editor & Policy Generator
Using the IAM Policy Simulator
By calling the metadata URL from your instance. (169.254.169.254/latest/metadata)
When do you use the SDK?
What happens if you don’t configure a default region in your SDK config?
When you want to access an AWS service from within your application code
us-east-1 will be chosen by default